Fri, Nov 3, 2023
KAPE Quarterly Update – Q3 2023
KAPE had several updates during Q3 2023. Here is a recap of all the important enhancements and news from July through September 2023:
Key Q3 2023 KAPE Updates
- KAPE virtual training update
- KAPE Official Demo
- !SANS_Triage Compound Target Updated
- New KAPE Modules
- Q3 2023 KapeFiles Changes
KAPE Training Revamp
KAPE training will no longer be offered as live sessions. Instead, it will be hosted in a self-paced model so that students can become trained and certified at their own convenience.
The new training model will provide the following:
- The same elite instructors
- Expansion of tools covered
- More sections explored
- New in-depth walkthroughs
- Additional content
- No time constraints
- An updated certification exam
Kroll will look to release the overhauled KAPE Training program towards the end of 2023. More details to come.
KAPE Official Demo
As highlighted in the previous Q2 2023 Quarterly Update, Kroll published an official demo walkthrough of KAPE by Andrew Rathbun. Check it out!
!SANS_Triage Compound Target Updated
The !SANS_Triage Compound Target has been updated with multiple new artifacts, including:
New KAPE Modules
Multiple useful KAPE Modules were created during Q3 2023. Many new Modules were created for tools across the TZWorks suite, as found here. Additional helpful PowerShell Modules have been added that convert PowerShell ConsoleHost_history.txt and Usage Logs files to CSV, which can then be ingested into a tool like Timeline Explorer for analysis. Lastly, Modules were created for multiple new NirSoft tools, as found here.
Q3 2023 KapeFiles Changes
Here is an overview of the changes to the KapeFiles GitHub repository from July 1, 2023 to September 30, 2023.
KAPE-Related GitHub Repositories
Our experts recommend “watching” the following GitHub repositories for KAPE-related updates:
- KAPE Targets and Modules
- Registry Explorer/RECmd Plugins
- RECmd Batch Files
- SQLECmd Maps
- EvtxECmd Maps
Keep KAPE Updated
Looking for the EZ button to keep KAPE, EZ Tools and the ancillary files associated with your instance(s) of KAPE updated? Check out the PowerShell script created by Kroll’s Andrew Rathbun here to ensure your copy of KAPE is being updated.
KAPE Resources
A number of KAPE resources are available for additional support, including the KAPE manual, or you can contact our experts directly at [email protected]. An enterprise license is required when KAPE is used on a third-party network and/or as part of a paid engagement.